TWBoards.com

The official community for Territory War

You are not logged in.

#1 5/15/2010 10:34 pm

flareblade77
New member
Registered: 5/15/2010
Posts: 4

Major security holes in lobby.

As everyone who's played this game knows, the lobby is far from perfect. There are bugs, commands left in that allow chat spamming and impersonation...

But two days ago, someone hacked themselves moderator powers, allowing them to see IP addresses of lobby users and freely ban anyone they want, locking them out of the lobby, and leaving them stuck at the "Joining private lobby..." screen until the tab is reloaded.

his/her name is Urabunny57, and he or she is currently on a power trip, acting as a self-proclaimed moral police, banning anyone for saying one line that he or she disagrees with. Worse, he/she's teaching a few of his/her friends what commands to use to get into these. I wish I knew what they were, but...

This is rather dangerous, not to mention, the whole "lobby at the mercy of a 10 year old on a power trip." thing.

I know Afro Ninja has no desire of updating this game, but this is a major security hole which needs to be patched up.

Offline

 

#2 5/15/2010 10:38 pm

CViper
Member
From: Salford, Greater Manchester
Registered: 8/8/2009
Posts: 8039

Re: Major security holes in lobby.

I doubt a ten year old could hack a game. I doubt this story.


http://i28.photobucket.com/albums/c224/crimsonviper_/Manchester-1.png

Be Alert! Britain Needs Lerts!!

Offline

 

#3 5/15/2010 11:02 pm

Shrub
Moderator
From: Minneapolis, Minnesota
Registered: 5/14/2009
Posts: 9155

Re: Major security holes in lobby.

If you can prove that they did this, then I would be interested, buuuut until then, no.


http://i719.photobucket.com/albums/ww200/AbsoluteSil3nce/ShrubNewSig.png
Signature limit: 700x140

Offline

 

#4 5/15/2010 11:05 pm

flareblade77
New member
Registered: 5/15/2010
Posts: 4

Re: Major security holes in lobby.

How long has it been since any of you actually played TWO? Trainers exist, the lobby still has a few glitches.

I know there aren't supposed to be any moderator powers, but they certainly exist right now, and they're being (ab)used.

I'm not complaining about the chat, I'm complaining about getting locked out of a lobby entirely because some kid is playing with powers he shouldn't have. When I get access to a computer with my video recording software, I'll get some footage filmed. Until then, I understand the skepticism, but you can go on and see it for yourself. Just look for that guy in the Barracks and ask him to demonstrate. He's been more than glad to.

Last edited by flareblade77 (5/15/2010 11:07 pm)

Offline

 

#5 5/15/2010 11:10 pm

exe.Cute
Member
From: South Carolina
Registered: 8/12/2008
Posts: 4634

Re: Major security holes in lobby.

This is true.  She's written a bot capable of banning people from the lobby, although I'm not sure what the specifics are.  She says she only uses it to ban people trying to cyber and even then not for very long.


While no longer active on these forums, I'm available by email if you'd like to talk to me.

Offline

 

#6 5/15/2010 11:29 pm

exe.Cute
Member
From: South Carolina
Registered: 8/12/2008
Posts: 4634

Re: Major security holes in lobby.

I don't particularly see too much of a problem with this at the moment.  She doesn't appear to be banning people left and right, and you don't seem to be level-headed enough to make judgments about whether or not she's doing more harm or good.  Obviously she didn't get the power through legitimate means, but if she's smart enough to write a bot, she's probably smart enough to do at least a half-decent job at modding.

At any rate, she's got the power now, and Afro's not going to be fixing it unless he has to, so the most we can do is ask her to use it responsibly, which I'm about to do.  My main concern is that she has the ability to give OTHER people the same power (although the bot is still running on her computer, so nobody's going to write the ban everyone in every lobby version).


While no longer active on these forums, I'm available by email if you'd like to talk to me.

Offline

 

#7 5/16/2010 2:09 am

alrocks7283
Member
From: Nyarnia
Registered: 3/9/2010
Posts: 244
Website

Re: Major security holes in lobby.

Just don't talk, follow my example. I have been banned for saying she was a fuck-face mother fuckeing cock sucker blowing her mom everyday, though. So it's understandable. And, 10 year olds can hack, I hacked this about a year ago when I was 10. He was my friend, but he pissed me off................................... russrock7283.webs.com

Last edited by alrocks7283 (5/16/2010 2:11 am)


NYAR NYAR NYAR

Offline

 

#8 5/16/2010 5:49 am

Shrub
Moderator
From: Minneapolis, Minnesota
Registered: 5/14/2009
Posts: 9155

Re: Major security holes in lobby.

SilasC wrote:

Well, you've got quite the vocabulary.

No. No, no, no. You didn't hack it. You don't know how to hack. Stop it.

I agree with you, but it's pretty much a lost cause.


http://i719.photobucket.com/albums/ww200/AbsoluteSil3nce/ShrubNewSig.png
Signature limit: 700x140

Offline

 

#9 5/16/2010 7:09 am

lucius65
Member
From: Lucania - Italy
Registered: 9/4/2008
Posts: 452
Website

Re: Major security holes in lobby.

exe.Cute wrote:

....  My main concern is that she has the ability to give OTHER people the same power ...

this is the real problem ....  while if she really use it responsibly ... is ok for me.

In any case, it is our fault. Sometime let these poor hackers win some fights!!!
They are so frustrated to excel, so always try new tricks smile


(full size for better graphics)  Two TOP40 chart    my TW3 ranking    TW3 top200 round robin

Offline

 

#10 5/16/2010 8:57 am

Shrub
Moderator
From: Minneapolis, Minnesota
Registered: 5/14/2009
Posts: 9155

Re: Major security holes in lobby.

On one hand, if she gives it away, this could mean the end of TWO. On the other hand, a moderator could solve a lot of the problems in the chats.


http://i719.photobucket.com/albums/ww200/AbsoluteSil3nce/ShrubNewSig.png
Signature limit: 700x140

Offline

 

#11 5/16/2010 9:05 am

CViper
Member
From: Salford, Greater Manchester
Registered: 8/8/2009
Posts: 8039

Re: Major security holes in lobby.

Anything to get rid of the "Press 9 for cyber". If she can write the bot herself, I doubt she's some little kid saying "LOLOLOLOLOL I'll trade my bot for 2 xats and a day".


http://i28.photobucket.com/albums/c224/crimsonviper_/Manchester-1.png

Be Alert! Britain Needs Lerts!!

Offline

 

#12 5/16/2010 9:16 am

Shrub
Moderator
From: Minneapolis, Minnesota
Registered: 5/14/2009
Posts: 9155

Re: Major security holes in lobby.

But it was stated before she may have intentions of giving it to others. Once she does that, there's no telling who will get their hands on it.


http://i719.photobucket.com/albums/ww200/AbsoluteSil3nce/ShrubNewSig.png
Signature limit: 700x140

Offline

 

#13 5/16/2010 9:18 am

megatiny2
Member
Registered: 12/11/2008
Posts: 116

Re: Major security holes in lobby.

If kids under 10 are smart enough to go to college then they can certainly hack a flash game. As we have seen with sab. It doesn't appear to be that hard if it has been done.


http://i41.tinypic.com/28tid6q.png
http://www.forum-signatures.com/wizard/Sigs/2010/final1269169078112.jpg

Offline

 

#14 5/16/2010 11:31 am

Urabunny57
Member
From: Pangaea
Registered: 5/16/2010
Posts: 1085

Re: Major security holes in lobby.

Hi, it's me. Just wanted to clear a few things up-- first of all, I'm older than 10 (lol).

Second, I'd never make the actual bot itself available for anyone to download. I have experimented with allowing certain people I've chosen to use it by sending commands in the lobby, though. I've designed the bot so that it accepts commands from only the ips (including my own) i've listed in a file on my computer. The people I have on the list right now are players from two that I've known for a while and believe are up to the task. I've made sure they all understand that the bot is to be used as little as possible (mostly just on cyberers), and I'm always there to watch over them while they use it (I can just turn off the bot when I leave two). Also, I can remove anyone from the list at any time. I never keep bans for longer than maybe an hour or so, and usually much shorter than that.

I'd also like to point out that it would be nearly impossible for someone I haven't put on the list to use the bot, and I'd be happy to go into more detail on this if anyone's interested.

Well I guess that's about it. I figured this might be a little controversial, but it seemed like something that might improve everyone's enjoyment of the game, and it was fun designing it. If anyone has any questions they can ask them here or email me at Urabunny57@cheerful.com.

Last edited by Urabunny57 (5/16/2010 11:34 am)


http://img713.imageshack.us/img713/6532/snowman0.gif

Offline

 

#15 5/16/2010 11:43 am

CViper
Member
From: Salford, Greater Manchester
Registered: 8/8/2009
Posts: 8039

Re: Major security holes in lobby.

megatiny2 wrote:

If kids under 10 are smart enough to go to college then they can certainly hack a flash game. As we have seen with sab. It doesn't appear to be that hard if it has been done.

...
...
...
...
...


http://i28.photobucket.com/albums/c224/crimsonviper_/Manchester-1.png

Be Alert! Britain Needs Lerts!!

Offline

 

#16 5/16/2010 12:17 pm

megatiny2
Member
Registered: 12/11/2008
Posts: 116

Re: Major security holes in lobby.

Oh, by the way while I was looking for a match she was testing the banning on her friend with multiple tabs open. There is a ban hack.


http://i41.tinypic.com/28tid6q.png
http://www.forum-signatures.com/wizard/Sigs/2010/final1269169078112.jpg

Offline

 

#17 5/16/2010 12:34 pm

exe.Cute
Member
From: South Carolina
Registered: 8/12/2008
Posts: 4634

Re: Major security holes in lobby.

It's not a bug, it's a feature!  The TWO architecture is extensible to allow chat moderation!

Seriously, though, I think it's funny that after all the chat moderation suggestions, we actually did somehow manage to get chat mods.


While no longer active on these forums, I'm available by email if you'd like to talk to me.

Offline

 

#18 5/16/2010 12:57 pm

CViper
Member
From: Salford, Greater Manchester
Registered: 8/8/2009
Posts: 8039

Re: Major security holes in lobby.

Vigilantism FTW


http://i28.photobucket.com/albums/c224/crimsonviper_/Manchester-1.png

Be Alert! Britain Needs Lerts!!

Offline

 

#19 5/16/2010 2:21 pm

OrcHunter784
Member
From: Hastings, Minnesota
Registered: 5/6/2009
Posts: 369
Website

Re: Major security holes in lobby.

Urabunny57 wrote:

I'd also like to point out that it would be nearly impossible for someone I haven't put on the list to use the bot, and I'd be happy to go into more detail on this if anyone's interested.

Although that doesn't assure me too much it doesn't seem like you're someone who would go banning random people for no reason.

Please make sure who ever you give the power to that they're mentally stable.

Edit: Got rid of double negative.

Last edited by OrcHunter784 (5/16/2010 2:57 pm)


I swear I'm not as bad at communicating now as I was when I actually used this forum.

Offline

 

#20 5/16/2010 4:41 pm

Hellen
Member
From: New York City
Registered: 4/19/2010
Posts: 134
Website

Re: Major security holes in lobby.

Urabunny57 wrote:

Hi, it's me. Just wanted to clear a few things up-- first of all, I'm older than 10 (lol).

Second, I'd never make the actual bot itself available for anyone to download. I have experimented with allowing certain people I've chosen to use it by sending commands in the lobby, though. I've designed the bot so that it accepts commands from only the ips (including my own) i've listed in a file on my computer. The people I have on the list right now are players from two that I've known for a while and believe are up to the task. I've made sure they all understand that the bot is to be used as little as possible (mostly just on cyberers), and I'm always there to watch over them while they use it (I can just turn off the bot when I leave two). Also, I can remove anyone from the list at any time. I never keep bans for longer than maybe an hour or so, and usually much shorter than that.

I'd also like to point out that it would be nearly impossible for someone I haven't put on the list to use the bot, and I'd be happy to go into more detail on this if anyone's interested.

Well I guess that's about it. I figured this might be a little controversial, but it seemed like something that might improve everyone's enjoyment of the game, and it was fun designing it. If anyone has any questions they can ask them here or email me at Urabunny57@cheerful.com.

Your my hero smile. I've been wanting someone to do something about those perverts for a long time. I'm glad your doing whatever it is that your doing.


.............

Offline

 

#21 5/16/2010 8:49 pm

Shrub
Moderator
From: Minneapolis, Minnesota
Registered: 5/14/2009
Posts: 9155

Re: Major security holes in lobby.

I have a question. Does it just ban accounts, or the person's ip?


http://i719.photobucket.com/albums/ww200/AbsoluteSil3nce/ShrubNewSig.png
Signature limit: 700x140

Offline

 

#22 5/16/2010 9:52 pm

Urabunny57
Member
From: Pangaea
Registered: 5/16/2010
Posts: 1085

Re: Major security holes in lobby.

Thanks Hellen. smile    And to answer your question Shrub, it bans by ip.

edit: well, it's actually kind of both. There's a command to ban by username, but that really just puts that player's ip on the ban list (I thought it would be more effective that way). There's also a command to ban an ip explicitly. Of course there are also unban commands and a command to clear the whole ban list at once. I was thinking about adding some others but i'm not sure yet.

Last edited by Urabunny57 (5/16/2010 10:11 pm)


http://img713.imageshack.us/img713/6532/snowman0.gif

Offline

 

#23 5/16/2010 10:20 pm

Shrub
Moderator
From: Minneapolis, Minnesota
Registered: 5/14/2009
Posts: 9155

Re: Major security holes in lobby.

Well, as long as you're responsible, I'm all for this. It will be interesting to see how this works out too. Maybe it will encourage Shawn to add mods in the next installment.


http://i719.photobucket.com/albums/ww200/AbsoluteSil3nce/ShrubNewSig.png
Signature limit: 700x140

Offline

 

#24 5/17/2010 12:13 am

Afro-Ninja
Admin
From: Philadelphia
Registered: 6/13/2008
Posts: 2515
Website

Re: Major security holes in lobby.

uuhhhh....
hmmmm


Afro-Ninja Productions
http://afro-ninja.com

Offline

 

#25 5/17/2010 12:22 am

Alchemist21
Member
From: North Carolina
Registered: 10/13/2009
Posts: 1177
Website

Re: Major security holes in lobby.

This is pretty funny. Now all that's left is to make a bot that replaces all cuss and perverted words with the word "gazebo".

Offline

 

Board footer

Powered by PunBB
© Copyright 2002–2005 Rickard Andersson